New ETSI Specification Aims to Secure AI Throughout Its Lifecycle
The European Telecommunications Standards Institute (ETSI) has introduced the new ETSI TS 104 223 specification, a pioneering framework designed to offer robust cybersecurity guidance for securing artificial intelligence (AI) systems. This specification seeks to protect end users by adopting a comprehensive whole-lifecycle approach. It outlines 13 core principles, which further detail into 72 specific, trackable principles spread across five key phases of the AI lifecycle. The objective is to bolster the security of AI systems significantly.
In an increasingly digitized world, the security of AI technology is becoming paramount. The ETSI TS 104 223 specification outlines high-level principles and provisions aimed at securing AI. Targeting a broad range of stakeholders within the AI supply chain—including developers, vendors, integrators, and operators—this new framework provides a robust set of baseline security requirements. As cyber threats evolve continuously, this guidance is crucial for protecting AI systems against a variety of digital threats.
AI poses unique challenges in comparison to traditional software systems. The risks associated with AI can include issues such as data poisoning, model obfuscation, indirect prompt injection, and vulnerabilities linked to intricate data management. Recognizing these distinctive challenges, the ETSI TS 104 223 specification provides targeted guidance that merges established practices in both cybersecurity and AI with innovative approaches tailored specifically for the intricacies of AI technology.
The development of this specification was spearheaded by the ETSI Technical Committee (TC) on Securing Artificial Intelligence (SAI). This committee is composed of representatives from various sectors, including international organizations, government entities, and cybersecurity experts. The collaborative effort ensures that the established requirements are both globally relevant and practical for real-world implementation, reinforcing the commitment to enhancing AI security on an international scale.
In addition to the main specification document, ETSI plans to publish a practical implementation guide aimed at assisting Small and Medium Enterprises (SMEs) and other stakeholders. This guide will include case studies from various deployment environments, providing organizations with actionable insights on how to implement the security requirements effectively. By making this information accessible, ETSI aims to empower smaller organizations that may lack the resources to navigate complex cybersecurity frameworks independently.
Scott Cadzow, Chair of ETSI’s Technical Committee for Securing Artificial Intelligence, emphasized the importance of this new specification in the context of escalating cyber threats. He stated, “In an era where cyber threats are growing in both volume and sophistication and negatively impacting organizations of every kind, it is vital that the design, development, deployment, and operation and maintenance of AI models is protected from malicious and unwanted inference.” This remark underscores a significant shift in the approach to AI development; security must now be viewed not merely as an optional addition, but as a core requirement that persists throughout the entire lifecycle of AI systems.
Cadzow further added that the specifications would not only have a profound impact in Europe but also set a standard for AI security globally. “This publication is a global first in setting a clear baseline for securing AI and sets TC SAI on the path to giving trust in the security of AI for all its stakeholders,” he stated.
As companies and institutions across various sectors continue to invest heavily in AI technologies, the need for a formalized approach to securing these systems is critical. The ETSI TS 104 223 aims to meet this need, providing organizations with the guidelines necessary to ensure that their AI systems are safe from a wide array of potential threats. With growing reliance on AI across industries, the importance of maintaining robust security protocols cannot be overstated.
This new specification serves as a pivotal step forward in establishing confidence in AI systems, ensuring that they can operate safely in complex environments. As organizations implement these guidelines, they will not only help defend against current cyber threats but also foster a culture of security that can adapt to emerging challenges in the future. The ETSI TS 104 223 represents a foundational aspect of future-proofing AI, aligning with global standards for security to promote safer digital ecosystems.